Client Privacy Notice

Organizational Culture Surveys and Talent Management Normative Database

1. Introduction

Chapman & Co. Leadership Institute provides organizational culture surveys, as well as talent management and training and learning services to its clients. This Privacy Notice describes how Chapman & Co. Leadership Institute, Inc. (“the Company”, “we” or “us”) processes data, that in some instances may be considered Personal Data, in relation to the Organizational Culture Surveys and Talent Management Normative Database (“Normative Database”). In this Privacy Notice, Personal Data refers to any information relating to an identified or identifiable person.

We collect Personal Data directly from individuals who respond to the organizational culture surveys, utilize training and learning services, or provide information about themselves as part of assessment and development sessions and questionnaires (“Respondents”). We also collect Personal Data, especially demographic information, from our clients (i.e. from the employers of these Respondents) before or during the surveys. We can also collect Personal Data from the person’s colleagues for assessment and development purposes. The data that is collected forms the basis for our analysis and recommendations. We do not knowingly collect Personal Data about minors.

We may also process Personal Data as a processor, on behalf of our client. The client’s applicable privacy notice provides the description of processing.

2. What Personal Data is Used

2.1 Surveys

Demographic Information:

Categories of Personal Data typically include the following: age; role (exact role title and job category); exemption status (in the US); tenure (number of years in this role / with this company); department in the company; work location (town and/or country); type of industry that the company operates in. In addition to this, the client may provide information about the company and its business to be used for the analysis.

Survey Responses:

Survey responses typically include the Respondent’s perceptions about the Respondent’s leader and other employees, as well as about the Respondent themselves and their company as a whole.

Website Usage:

We may also collect information about how the survey website is used, for example, the time it takes for Respondents to fill in the survey, or what type of device Respondents use when filling in the survey.

Personal Data that is not Included in the Normative Database:

Even if processed during the surveys, the Normative Database does not contain the Respondent’s name, email address, employee identification number, IP address, or company name. Further, Personal Data that can be regarded as more sensitive (e.g. race or information about union membership), will not be collected to the Normative Database unless considered necessary, and permissible under applicable law, or with explicit consent when so required by applicable law.

2.2 Talent Management

Categories of Personal Data typically include the following: Name; contact details; information about experience and current, former, and potential future roles; assessment of skills, abilities, competencies, and work style; analysis of strengths, weaknesses, development needs, cultural fit and leadership style, relative to the position; assessment on the person’s ability to learn from their experiences, predicting their future abilities; cognitive and personality assessments.

2.3 Training and Learning

Categories of Personal Data typically include the following: Name, email, title, department, company, dietary restrictions, and responses to questions.

3. How Personal Data is Used

Personal Data may be processed (also by machine learning and artificial intelligence techniques) for the following purposes: To include statistical comparison data and analysis to our clients (for example, when providing survey results, stating what is an average score for a certain question among the companies within that industry); for the usage tracking, monitoring, analysis and improvement of the service; managing the security and handling technical issues; to organize training and learning; to develop learning effectiveness, and to form insights for future consulting needs and continuous improvement opportunities, or any other related purposes.

4. Sharing and Transfer

Personal Data may be accessed and processed, when necessary for the purposes described above, by our relevant team members. When necessary, Personal Data may also be shared in special circumstances with, for example, external advisors including, but not limited to, legal and tax advisors, auditors, creditors, or with relevant authorities or other appropriate parties when required by applicable law. Further, we may use third-party service providers (including, for example, software and cloud providers) to process Personal Data on our behalf.

Personal Data may be stored, transferred to, and processed in any country where we have team members or facilities or in which we engage service providers, including in the United States of America. We implement appropriate safeguards to protect Personal Data as required when transferred, including transfers outside the European Union (EU) and European Economic Area (EEA).

5. Legal Basis and Retention

Processing of Personal Data is mainly based on the legitimate interests of the Company or the performance of a contract.

Personal Data will be retained in accordance with applicable records retention policies of the Company, or as long as reasonably necessary for the purposes in accordance with applicable legislation, whichever is longer.

6. Security

We implement and maintain industry-standard technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access. We make reasonable efforts to ensure a level of security appropriate to the risk of the processing, taking into account the costs of implementation and the nature, scope, context, and purposes of processing of Personal Data.

7. More Information

 Respondents may contact us for more information on how their Personal Data is collected, used, and disclosed. Respondents may also request copies of or rectification or deletion of their Personal Data, when applicable. Depending on the applicable legislation, Respondents may also have the right to lodge a complaint with an applicable supervisory authority regarding how their Personal Data is used.

Contact details for more information and requests:

8. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be posted on the applicable websites.